Lucene search
K
MicrosoftCommerce Server

9 matches found

CVE
CVE
added 2012/04/10 9:0 p.m.1727 views

CVE-2012-0158

CVE-2012-0158 is a Microsoft/MSCOMCTL.OCX (MS Office) vulnerability that enables remote code execution via a crafted file or document. The initial entry lists vulnerable controls in MSCOMCTL.OCX and notes exploitation in the wild around April 2012 (aka “MSCOMCTL.OCX RCE Vulnerability”). Connected...

9.3CVSS7.8AI score0.99966EPSS
In wild
CVE
CVE
added 2012/08/15 1:0 a.m.1264 views

CVE-2012-1856

CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...

9.3CVSS7.9AI score0.72119EPSS
In wild
CVE
CVE
added 2008/03/11 11:0 p.m.71 views

CVE-2007-1201

CVE-2007-1201 is a remote code execution vulnerability in Microsoft Office Web Components 2000 related to the DataSource handling that can trigger memory corruption. Multiple sources describe the DataSource Vulnerability as allowing an attacker to execute arbitrary code in the user’s context by v...

9.3CVSS7.3AI score0.28734EPSS
CVE
CVE
added 2006/03/19 1:0 a.m.48 views

CVE-2006-1257

CVE-2006-1257 describes an authentication bypass in Microsoft Commerce Server 2002 prior to SP2. The issue arises when sample files in the web server’s AuthFiles directory are present and a remote attacker can log in to authfiles/login.asp with a valid username and any password, then reach the ma...

7.5CVSS6.8AI score0.3007EPSS
Web
CVE
CVE
added 2003/04/02 5:0 a.m.47 views

CVE-2002-0621

CVE-2002-0621 involves a buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000. The underlying cause is a vulnerable installer routine that can be triggered by specific input to the OWC package installer, allowing a remote attacker to cause th...

5CVSS7.9AI score0.16919EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.45 views

CVE-2002-0623

The CVE-2002-0623 entry describes a buffer overflow in the AuthFilter ISAPI filter of Microsoft Commerce Server 2000 and 2002. The vulnerability allows remote attackers to execute arbitrary code by sending long authentication data. Connected documents confirm the affected product and component, a...

7.5CVSS8.5AI score0.19609EPSS
CVE
CVE
added 2002/06/25 4:0 a.m.40 views

CVE-2002-0050

CVE-2002-0050 affects Microsoft Commerce Server 2000 via the AuthFilter ISAPI filter. A buffer overflow in the AuthFilter ISAPI filter allows remote attackers to execute arbitrary code by sending long authentication data. The vulnerability is exploitable over the network without authentication, w...

7.5CVSS8.5AI score0.13216EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.40 views

CVE-2002-0622

The CVE-2002-0622 entry concerns the Office Web Components (OWC) package installer used with Microsoft Commerce Server 2000. The vulnerability allows remote attackers to execute commands by providing input to the OWC package installer (Command Execution via installer input). This is described as ...

7.5CVSS7.7AI score0.19376EPSS
CVE
CVE
added 2002/07/01 4:0 a.m.36 views

CVE-2002-0620

CVE-2002-0620 describes a buffer overflow in the Profile Service of Microsoft Commerce Server 2000. The vulnerability enables remote attackers to cause the server to fail or execute arbitrary code in the LocalSystem context by supplying input through an affected API call. The available documents ...

5CVSS7.9AI score0.12205EPSS